Time Difference between two logs

I have two logs.

Log1 is the start of the process and log2 is the end of the process. How can I get the time taken to complete the process, that is, the difference between log2 and log1?

And also I have log3; now how do I find the time difference between log3 and log2?

Hi @Anil_Alapati

Welcome to the Kibana community.
May I ask what the structure of a document is?
Are log1, log2, log3 just different documents with a single timestamp, or fields of the same document (i.e. {log1: ..., log2: ..., log3: ...})?

I've often seen this type of use case where documents store a start and end timestamp value, so a runtime script can be leveraged to compute a duration field.

Hi Macro,

Thank you for the response.

Each log belongs to one document.

Log1 belongs to Document 1, log2 belongs to Document 2, and log3 belongs to Document 3.

I can see in every log start that there is a @timestamp.

When I expand the document I can see two variables with the name @timestamp, but both of them have the same value.

I see.
If you need to compute something between two distinct documents, I think that Transforming data | Elasticsearch Guide [8.4] | Elastic is the best way to achieve that.
Runtime or scripted fields are able to operate only at the single-document level, while aggregations won't deal with specific documents.

Okay. Thank you. Is 8.4 the new version, and if I have 7.16.3 I may not be able to do it, right?

Data transformation is available also in 7.16: Transforming data | Elasticsearch Guide [7.16] | Elastic

Hi Macro,

Thank you for the information.

Other than this document, is there any detailed explanation or sample code to understand better with minimal knowledge of Kibana?

Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
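A sketch of the transform approach recommended in the thread, written for Kibana Dev Tools; it is an added example, not code posted by any participant. It assumes each document carries a shared `process_id` keyword and a `step` keyword (`log1`, `log2`, `log3`) in an index named `process-logs`; none of those names come from the thread.

```console
# Added example. Assumed names (not from the thread): index "process-logs",
# keyword field "process_id" shared by the documents of one run, and keyword
# field "step" holding "log1", "log2" or "log3".
# Each filter aggregation picks the @timestamp of one step; bucket_script
# subtracts them. Date values are epoch milliseconds, so results are in ms.
# _preview returns the pivoted documents without creating a transform.
POST _transform/_preview
{
  "source": { "index": "process-logs" },
  "pivot": {
    "group_by": {
      "process_id": { "terms": { "field": "process_id" } }
    },
    "aggregations": {
      "log1": {
        "filter": { "term": { "step": "log1" } },
        "aggs": { "ts": { "min": { "field": "@timestamp" } } }
      },
      "log2": {
        "filter": { "term": { "step": "log2" } },
        "aggs": { "ts": { "min": { "field": "@timestamp" } } }
      },
      "log3": {
        "filter": { "term": { "step": "log3" } },
        "aggs": { "ts": { "min": { "field": "@timestamp" } } }
      },
      "log1_to_log2_ms": {
        "bucket_script": {
          "buckets_path": { "start": "log1>ts", "end": "log2>ts" },
          "script": "params.end - params.start"
        }
      },
      "log2_to_log3_ms": {
        "bucket_script": {
          "buckets_path": { "start": "log2>ts", "end": "log3>ts" },
          "script": "params.end - params.start"
        }
      }
    }
  }
}
```

If the three documents share no common key, there is nothing to group on and the transform cannot pair them; a correlation field has to be added at ingest time first.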